ETSI GR PDL 017 V1.1.1 (2024-07)

GROUP REPORT
Permissioned Distributed Ledger (PDL);
Application of PDL to Amended Regulation 910/2014 (eIDAS 2)
Qualified Trust Services
Disclaimer
The present document has been produced and approved by the Permissioned Distributed Ledger (PDL) ETSI Industry
Specification Group (ISG) and represents the views of those members who participated in this ISG.
It does not necessarily represent the views of the entire ETSI membership.

2 ETSI GR PDL 017 V1.1.1 (2024-07)

Reference
DGR/PDL-0017_eIDAS App
Keywords
data, PDL, security, time-stamping, trust services
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - APE 7112B
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° w061004871

Important notice
The present document can be downloaded from:
https://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format at www.etsi.org/deliver.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
If you find a security vulnerability in the present document, please report it through our
Coordinated Vulnerability Disclosure Program:
https://www.etsi.org/standards/coordinated-vulnerability-disclosure
Notice of disclaimer & limitation of liability
The information provided in the present deliverable is directed solely to professionals who have the appropriate degree of
experience to understand and interpret its content in accordance with generally accepted engineering or
other professional standard and applicable regulations.
No recommendation as to products and services or vendors is made or should be implied.
No representation or warranty is made that this deliverable is technically accurate or sufficient or conforms to any law
rule and/or regulation and further, no representation or warranty is made of merchantability or fitness
and/or governmental
for any particular purpose or against infringement of intellectual property rights.
In no event shall ETSI be held liable for loss of profits or any other incidental or consequential damages.

Any software contained in this deliverable is provided "AS IS" with no warranties, express or implied, including but not
limited to, the warranties of merchantability, fitness for a particular purpose and non-infringement of intellectual property
rights and ETSI shall not be held liable in any event for any damages whatsoever (including, without limitation, damages
for loss of profits, business interruption, loss of information, or any other pecuniary loss) arising out of or related to the use
of or inability to use the software.
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and
microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2024.
All rights reserved.
ETSI
3 ETSI GR PDL 017 V1.1.1 (2024-07)
Contents
Intellectual Property Rights . 4
Foreword . 4
Modal verbs terminology . 4
Introduction . 4
1 Scope . 6
2 References . 6
2.1 Normative references . 6
2.2 Informative references . 6
3 Definition of terms, symbols and abbreviations . 7
3.1 Terms . 7
3.2 Symbols . 7
3.3 Abbreviations . 7
4 Features of PDL . 7
4.1 Common Context . 7
4.2 Properties . 8
4.3 Governance. 8
4.3.1 Principles . 8
4.3.2 Other Factors to be considered in a Governance Regime . 9
5 Features of eIDAS 2 Qualified Trust Services . 9
5.1 eIDAS 2 trust services . 9
5.2 Qualified Trust Service Providers . 10
5.3 Specific Requirements of EU Qualified Electronic Ledgers . 10
5.4 Governance and Audit Requirements . 10
6 PDL and eIDAS 2 Trust Services . 11
6.1 PDL as an eIDAS Trust Service . 11
6.1.1 Requirements for Qualified Electronic Ledgers vs Features of PDL . 11
6.1.2 Governance & Audit . 11
6.1.3 Policy and Security Requirements . 12
6.1.4 Trust Management . 13
6.2 PDL in Support of other eIDAS 2 Trust Services . 13
6.2.1 PDL in support of Time Stamping . 13
6.2.2 PDL in support of Signature Validation . 13
6.2.3 PDL in support of Certificate Issuance and Revocation . 13
6.2.4 PDL in support of Electronic Attestation of Attributes Services . 13
6.2.5 PDL in support of Electronic Archive Services . 14
6.2.6 PDL in support of Electronic Registered Delivery Services . 14
rd
6.3 Application to 3 (non-EU) countries . 14
7 Consideration of benefits and challenges . 14
7.1 Benefits . 14
7.2 Challenges and Risks. 15
7.3 General Conclusions. 15
Annex A: Bibliography . 16
History . 17

ETSI
4 ETSI GR PDL 017 V1.1.1 (2024-07)
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The declarations
pertaining to these essential IPRs, if any, are publicly available for ETSI members and non-members, and can be
found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to
ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the
ETSI Web server (https://ipr.etsi.org/).
Pursuant to the ETSI Directives including the ETSI IPR Policy, no investigation regarding the essentiality of IPRs,
including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not
referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become,
essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are trademarks of ETSI registered for the benefit of its

Members. 3GPP™ and LTE™ are trademarks of ETSI registered for the benefit of its Members and of the 3GPP
Organizational Partners. oneM2M™ logo is a trademark of ETSI registered for the benefit of its Members and of the ®
oneM2M Partners. GSM and the GSM logo are trademarks registered and owned by the GSM Association.
Foreword
This Group Report (GR) has been produced by ETSI Industry Specification Group (ISG) Permissioned Distributed
Ledger (PDL).
Modal verbs terminology
In the present document "should", "should not", "may", "need not", "will", "will not", "can" and "cannot" are to be
interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
Introduction
Distributed ledgers have become the intrinsic foundation of secure decentralized transaction-based applications,
including (but not limited to) decentralized cryptocurrencies. They are often referred to as blockchain, given the use of
cryptographic techniques to link a growing list of blocks (records). While blockchain is a specific implementation of a
distributed ledger, the industry has conformed with use of a more generic term:
• Distributed Ledger Technology (DLT).
Distributed ledgers can be considered as permissioned or permission-less, referring to the requirements for a node to be
approved to validate transactions and record them on the ledger.
The present document is one of a series of reports and specifications developed by the ETSI Industry Specification
Group on Permissioned Distributed Ledger (ISG PDL) (see https://www.etsi.org/technologies/permissioned-distributed-
ledgers).
ETSI
5 ETSI GR PDL 017 V1.1.1 (2024-07)
Regulation (EU) 2024/1183 amending Regulation (EU) No 910/2014 [i.12] as regards establishing a framework for a
European Digital Identity [i.1], commonly referred to as eIDAS 2, provides a framework for use of digital signatures
and electronic identities based on an EU Digital Identity Wallet for a pan-European infrastructure supporting electronic
identities, authentication and signatures. The amended regulation includes requirements for an commercially provided
infrastructure of "trust services" which supports the European Digital Identity Framework. One of the supporting trust
services identified in eIDAS 2 [i.1] is an electronic ledger which may be provided by a single body, or distributed
access several providers which are permissioned to provide a distributed ledger in the form of a Permissioned
Distributed Ledger.
A set of reports and specification primarily at supporting digital signatures under the current Regulation (EU)
No 910/2014 [i.12] have been developed by ETSI Technical Committee on electronic Signatures and Trust
Infrastructure (see ETSI TC ESI activities). ETSI TC ESI is currently developing a further set of specifications in
support of Regulation (EU) 2024/1183 [i.1] the amending Regulation (EU) No 910/2014 including support for the EU
Digital Identity Wallet and additional trust services such as electronic ledgers (see ETSI portal TC ESI). eIDAS 2
defines specific requirements for "Qualified Trust Service" which are overseen by national regulatory bodies and are
given a form of legal presumption.
The present document considers the application of PDL to qualified trust services under Regulation (EU) 2024/1183
amending Regulation (EU) No 910/2014 (eIDAS 2) [i.1].

ETSI
6 ETSI GR PDL 017 V1.1.1 (2024-07)
1 Scope
The present document describes the features of a PDL to be applicable as a qualified electronic ledger and in support for
eIDAS 2 [i.1] trust services. The present document analyses the properties that a PDL can have to be an enabler for
eIDAS 2 [i.1] regulation for electronic identification, authentication and signatures, and also for using eIDAS 2 [i.1] in
other areas of the Digital Economy.
2 References
2.1 Normative references
Normative references are not applicable in the present document.
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] Regulation (EU) 2024/1183 of the European Parliament and of the Council of 11 April 2024
amending Regulation (EU) No 910/2014 as regards establishing the European Digital Identity
Framework (eIDAS 2).
[i.2] ISO/TS 23635:2022: "Blockchain and distributed ledger technologies Guidelines for governance".
[i.3] ETSI EN 319 422: "Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and
time-stamp token profiles".
[i.4] ETSI TS 119 102-2: "Electronic Signatures and Infrastructures (ESI); Procedures for Creation and
Validation of AdES Digital Signatures; Part 2: Signature Validation Report".
[i.5] ETSI EN 319 411-1: "Electronic Signatures and Trust Infrastructures (ESI); Policy and security
requirements for Trust Service Providers issuing certificates; Part 1: General requirements".
[i.6] ETSI DTS/ESI-0019472-1 Work item on "Electronic Signatures and Trust Infrastructures (ESI);
Profiles for Electronic Attestations of Attributes; Part 1: General requirements".
[i.7] ETSI EN 319 522 (all parts): "Electronic Signatures and Infrastructures (ESI); Electronic
Registered Delivery Services".
[i.8] ETSI GS PDL 012: "Permissioned Distributed Ledger (PDL); Reference Architecture".
[i.9] ETSI GS PDL 015: "Permissioned Distributed Ledger (PDL); Reputation management".
[i.10] Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on
measures for a high common level of cybersecurity across the Union, amending
Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing
Directive (EU) 2016/1148 (NIS 2 Directive).
[i.11] ETSI EN 319 401: "Electronic Signatures and Trust Infrastructures (ESI); General Policy
Requirements for Trust Service Providers".
ETSI
7 ETSI GR PDL 017 V1.1.1 (2024-07)
[i.12] Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on
electronic identification and trust services for electronic transactions in the internal market and
repealing Directive 1999/93/EC.
[i.13] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the
protection of natural persons with regard to the processing of personal data and on the free
movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
[i.14] ETSI TR 103 684: "Electronic Signatures and Infrastructures (ESI); Global Acceptance of EU
Trust Services".
[i.15] Pilot for the International Compatibility of Trust Services.
3 Definition of terms, symbols and abbreviations
3.1 Terms
For the purposes of the present document, the terms given in eIDAS 2 [i.1] and the following apply:
eIDAS 2: Regulation (EU) 2024/1183 [i.1] amending Regulation (EU) No 910/2014 as regards establishing a
framework for a European Digital Identity [i.1]
GDPR: EU General Data Protection Regulation [i.13]
NIS2: EU Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union [i.10]
3.2 Symbols
Void.
3.3 Abbreviations
For the purposes of the present document, the following abbreviations apply:
DLT Distributed Ledger Technology
EBSI European Blockchain Services Infrastructure
LOTL List of Trusted Lists
PDL Permissioned Distributed Ledger
QTSP Qualified Trust Service Provider
NOTE: Under eIDAS 2 [i.1].
TC ESI Technical Committee on Electronic Signatures and Trust Infrastructures
TSP Trust Service Provider
4 Features of PDL
4.1 Common Context
PDL, in nature, is a permissioned electronic ledger which is distributed. The capabilities to configure automated process
which are permissioned fit into more possibilities for regulatory frameworks to provide legal certainty with distributed
ledgers which usually are not single-jurisdictional governance model instead of multi-jurisdictional governance model.
The European Union and the efforts for the Digital Single Market in the European space represent per se a multi-
jurisdictional governance model which can be harmonised for specific requirements when a distributed ledger is being
used like European Blockchain Services Infrastructure (EBSI).
ETSI
8 ETSI GR PDL 017 V1.1.1 (2024-07)
The present document does not consider the alternative approaches to identification and authentication commonly
associated with distributed ledgers such as use of decentralised identifiers, and the electronic identification,
authentication and signature services of eIDAS 2 [i.1].
A reference architecture for PDL is given in ETSI GS PDL 012 [i.8].
4.2 Properties
The main properties of a PDL are:
• Immutably: The content of the ledger cannot be changed.
• Integrity: Any change to an individual record once placed in the ledger can be detected.
• Sequence: Any change to the sequence of records in a ledger can be detected.
• Persistent: The above properties are not time-limited.
• Verifiable/auditable: The above properties can be checked independent of any provider of ledger services.
• Accountable: Each members of a PDL can be held to account for the provision of its services.
• Redundancy: The properties of the PDL do not depend on a single point of failure in the functionality or
security of a ledger service provider.
Non-essential properties of a PDL which may be provided using services external to the PDL:
• The identity of the originator of a record.
• The time at which a record was added to the ledger.
PDL is based upon multi-party provision of a distributed ledger with consensus and synchronization protocols between
the parties ensuring an agreed content of the ledger.
PDL is also based on governance regime with permission granted to the ledger providers.
4.3 Governance
4.3.1 Principles
Principles of governance of a distributed ledger, including a PDL, based on ISO/TS 23635 [i.2] are as follows in
Table 1.
Table 1
ISO/TS 23635 [i.2] PDL
Principle 1: Define identifiers of entities Through PDL governance, the entities providing ledgers are identifiable
involved within the community. In addition, the identity of the node originating data
record is identifiable.
Principle 2: Enable decentralized Decentralised within scope of governance domain as distributed across
decision-making several nodes. Collective decisions recorded explicitly on ledger.
Principle 3: Ensure explicit accountability Through the PDL governance the responsibilities and liabilities of the
identified PDL providers can be clearly defined.
Principle 4: Support transparency and The governance regime
...